Privacy policy

Inquiries regarding application process, applications and personal information should be pointed to the employer (controller) who is in charge for the register.

Recipients of and processors of personal information
Personal information is processed by persons who participate in the recruitment processes. In some cases, third parties such as recruitment consultants or specialists may be used for performing recruitments.

Technical platform for the register is the LAURA™-service. and hence the service provider (LAURA Rekrytointi Ltd, a Finnish company that is located in Finland) acts as a processor of personal information.

Video interviews (including video questions on application forms) are implemented with the RecRight-service, provided by Mobile CV Oy. Data transfer between these services is done using encrypted communications.

Purpose and reason of processing personal information
The purpose of processing personal information is to facilitate recruitment processes of the employer (controller). The objective of the processes is to gain a contract of employment between the employer and applicant. As for the employment period itself (e.g. long or short period employments), the purpose of processing personal information is fulfilling duties regarding performing contract of employment. (General Data Protection Regulation, article 6, paragraph 1b).

Transferring of data outside the EU or EEA
All servers that are used for processing personal information within the service are located in Finland. Data that is stored in the service is not processed outside the EU or EEA by the service provider (LAURA Rekrytointi Ltd). Transferring data outside the EU or EEA may occur e.g. in such cases where persons who participate in the recruitment processes are located outside the EU or EEA. In such and all cases, processing of data is secured with encrypted network communications.

Contents and retention policy of data in the register
The register consists of information that is needed for performing recruitment processes. Information that is collected is indicated on the application form used in the recruitment. The information is collected from the applicants themselves and usually consists of following categories:

Name and contact details such as name, address, e-mail address, telephone number (for identification and communication)

Gender and date of birth (for statistical purposes that aim at developing recruitments)

Information for assessing competence and suitability (e.g. work experience, educational background, language skills and other skills)

Attachments (e.g. CV, cover letter, portfolio, photo)

Data that is created during the recruitment process such as e-mail messages, SMS messages and stored files.

Classifications and notes taken by the employer

In addition, the following information may be collected in the following cases:

Recipient’s e-mail address, if a job posting is forwarded using the ‘Tell to a friend’ functionality.

Recipient’s e-mail address and search criteria when subscribing to job agent for e-mail notifications of open jobs.

Information that is needed in completion of tasks and duties provided by the employment contract may be stored, too. Such tasks and duties may include e.g. payment of salaries and this type of information may include e.g. identification number, details about valid certificates and bank account number for paying salary.
Applications are stored in the service for 365 days from the submission or last modification of the application.

Information may be processed in the service even longer e.g. in cases where the applicant has been hired as an employee or a stand-in for the organisation.

Data protection policies of the register
The controller is responsible for processing the data according to good security policies and according to guidance provided by the controller.

The service provider (LAURA Rekrytointi Ltd) provides technical protection of personal data stored in the service. This comprises e.g. internal data security, access control, security updates of software and backups. In addition to internal tests, the service security is tested against tests driven by third parties.

All communication between the user’s browser and service is always protected with strong encryption.

Rights of the registered
The registered persons have rights to their information. Using these rights takes mostly place in the user interface of the service. The user interface can be accessed using user credentials that are created upon submission of application. The rights are described at in-depth level in the following text:

Access to the information: The data subjects have a right to know if their information is processed in the service. If their information is processed, they have a right to see their information that is stored in the register. The information can be accessed with the user interface of the service. If it is not possible to access the information using the interface, a written request can be be pointed to the data controller.

Right to rectification: The data subjects have a right to request rectification of incorrect inadequate personal information. Rectification can be done in the user interface of the service. If rectification is not possible execute using the interface, a written request can be pointed to the data controller.

Right to erase information: The data subjects have a right to request erasure of their information, if there is no valid reason for keeping the information (e.g. based on law or regulation). Erasure of information can be done in the user interface of the service. If erasure is not possible to do with the interface, a written request can be pointed to the data controller.

Right to restrict processing: Data subjects have a right to request that processing of their data is restricted, if there is a valid justification for the request. Request about restriction of processing can be pointed in written form to the controller.

Right to object processing: Data subjects have a right to object processing personal data if there is a valid justification for the request. Request about objection of processing can be pointed in written form to the controller.

Right to data portability: Data subjects have a right to transfer their personal information from the service in machine-readable form. Transfer of the data can be done in the user interface of the service. If it is not possible to do the transfer in the interface, a written request can be pointed to the data controller.

Right to withdraw consent: If processing of personal data is justified by a consent from data subjects the data subjects have a right to withdraw their consent at any time. Withdrawal of the consent is done with a written request to the controller.

Right to lodge complaint: Data subjects have right to to lodge complaints on matters that cause dissatisfaction regarding the processing of personal data. Complaints can be pointed to controller, processor or a supervisory authority.

Profiling and automated decision
Automated decision making is not used in the service.

Analytics tools (Google Analytics) are used for creating usage statistics and for development of the service.

Cookies
Cookies are used for providing the service and its statistics. Cookies can be restricted by changing browser settings. However, restricting cookies may lead to failures using the service.